OpenAI Just Built a Hacker. Then Gave It to the Good Guys.
Table of contents
On Monday, OpenAI released GPT-5.4-Cyber. It is a version of GPT-5.4 fine-tuned to be what they call "cyber-permissive." That means the guardrails that normally prevent the model from engaging with offensive security techniques have been deliberately lowered.
The model can reverse-engineer compiled binaries without source code. It can map program logic, flag malware behavior, and identify vulnerabilities in executables. It is the first OpenAI model with public support for binary reverse engineering.
This happened one week after Anthropic released Mythos, a model that can autonomously identify targets, form exploit hypotheses, test them against running systems, and produce complete exploits without human intervention.
Two of the largest AI companies just built offense-capable models. They disagree on who should have them.
What GPT-5.4-Cyber Actually Does
The standard GPT-5.4 refuses most requests that touch on vulnerability exploitation, binary analysis, or offensive security techniques. GPT-5.4-Cyber removes those refusals for verified defenders.
Specifically, it enables:
- Binary reverse engineering without source code access. Point it at a compiled executable and it maps the program logic, identifies vulnerability patterns, and flags potential malware behavior.
- Vulnerability analysis at the code and binary level. The model can trace data flows, spot buffer overflows, identify authentication bypasses, and flag injection vectors.
- Defensive workflow acceleration. Security analysts can use it to triage incident reports, analyze suspicious files, and generate detection signatures.
On capture-the-flag benchmarks, OpenAI's models have improved from 27% (GPT-5, August 2025) to 76% (GPT-5.1-Codex-Max, November 2025). GPT-5.4-Cyber's exact CTF score has not been published, but it builds on that trajectory.
The Access Model: Trusted Access for Cyber
OpenAI is not making this model generally available. Access goes through the Trusted Access for Cyber (TAC) program, launched in February 2026 alongside a $10 million cybersecurity grant fund.
The program uses tiered identity verification:
- Base tier: Standard verification, access to general models with standard guardrails
- Higher tiers: Stronger KYC and identity checks, unlocking progressively more permissive capabilities
- Highest tier: Full GPT-5.4-Cyber access with binary reverse engineering and lowered refusal boundaries
Individuals can verify at chatgpt.com/cyber. Enterprise teams request access through OpenAI representatives.
The scale is significant: thousands of individual defenders and hundreds of security teams. This is not a private beta. It is a deliberate, broad deployment of offense-capable tooling behind a trust gate.
Mythos: Anthropic's Opposite Bet
Anthropic's Mythos takes the same technical capability in the opposite distribution direction.
On Mozilla Firefox security tests, Mythos achieved 181 successful exploit conversions versus just two for earlier models. On the UK AI Safety Institute's 32-step corporate network simulation, estimated to take human experts 20 hours, Mythos completed the entire chain in 3 of 10 attempts and averaged 22 of 32 steps across all runs.
That is a model that can autonomously chain a multi-step intrusion from initial access to data exfiltration.
Anthropic's response: lock it down. Project Glasswing limits access to roughly 40 organizations including Amazon, Apple, Microsoft, and JPMorgan Chase. Anthropic determined the model's autonomous capabilities posed excessive risks for broader circulation.
Two Philosophies, One Question
This is the most interesting strategic divergence in AI right now.
OpenAI's position: "We don't think it's practical or appropriate to centrally decide who gets to defend themselves." Broad access to verified defenders. Trust the verification layer, not the restriction layer.
Anthropic's position: The model's autonomous attack-chaining capability is too dangerous for wide distribution, regardless of who is requesting access. Restrict first, expand later.
Both are responding to the same reality: vulnerability discovery-to-exploitation timelines have collapsed from months to seconds. AI models can now find and exploit vulnerabilities faster than human defenders can patch them.
The question is whether the defense should be centralized (a few elite teams with the best tools) or distributed (thousands of defenders each armed with capable tools behind identity verification).
The AISI Reality Check
The UK AI Safety Institute's evaluation of Mythos is the most sober analysis available. Their key finding: the test environments lack active defenders, defensive tooling, and standard enterprise hardening. No penalties for triggering security alerts. No simulated SOC team responding in real time.
Their conclusion: "We cannot say for sure whether Mythos Preview would be able to attack well-defended systems."
That matters. A model that chains 22 of 32 steps in a synthetic range may chain zero steps against a properly instrumented production network. Or it may chain all 32. We do not know yet.
What we do know is that the benchmark trajectory is steep. Expert-level CTF tasks that no model could complete before April 2025 now see 73% success rates. The gap is closing fast.
What This Means for Defenders
The practical implications are immediate:
Binary analysis is democratized. Reverse engineering compiled software previously required specialized researchers with years of experience. Now a verified analyst can point GPT-5.4-Cyber at an executable and get a vulnerability map.
The attacker-defender asymmetry is shifting. If attackers get autonomous exploit chaining (and they will, if they have not already), defenders need equivalent tooling. The question is not whether to build these models but how to distribute them.
Legacy systems are exposed. Costin Raiu from TLPBLACK noted that these models would have "a field day" with IBM systems powering banking infrastructure. Decades of accumulated technical debt just became searchable.
The verification model is the product. OpenAI's real innovation here is not the model. It is the trust infrastructure. Tiered KYC verification for AI capabilities is a pattern we will see in every domain where models have dual-use potential.
The Verdict
GPT-5.4-Cyber is not a breakthrough model. It is GPT-5.4 with the safety rails adjusted for a specific use case. The technical delta is fine-tuning, not architecture.
But the strategic delta is enormous. OpenAI just established the precedent that offense-capable AI models should be broadly distributed behind identity verification rather than restricted to a handful of elite organizations. Anthropic bet the opposite.
One of them is right. The vulnerability disclosure data over the next twelve months will tell us which.
The OpenAI announcement is at openai.com/index/scaling-trusted-access-for-cyber-defense. The UK AISI evaluation of Mythos is at aisi.gov.uk.